Category: Jeff Lanza’s Blog

WASHINGTON: The US Justice Department announced indictments Wednesday for 36 people accused of running a transnational ring stealing and selling credit card and personal identity data, causing US$530 million in losses.

Thirteen members of the “Infraud Organization” were arrested in the United States, Australia, Britain, France, Italy, Kosovo and Serbia, it said.

Created in Ukraine in 2010 by Svyatoslav Bondarenko, Infraud was a key hub for card fraud, touting itself with the motto “In Fraud We Trust.”

It was “the premier one-stop shop for cybercriminals worldwide,” said Deputy Assistant Attorney General David Rybicki.

Members could buy and sell card and personal data for use to buy goods on the internet, defrauding the card owners, card issuers and vendors.

Infraud operated automated vending sites to make it easy for someone to buy card and identity data from them. It had 10,901 approved “members” registered to buy and sell with them in early 2017, and maintained a rating and feedback system for members.

The senior administrators continuously screened the products and services of vendors “to ensure quality products,” said the indictment.

The group operated moderated web forums to share advice among customers, and operated an “escrow” service for payments in digital currencies like Bitcoin, the Justice Department said.

“As alleged in the indictment, Infraud operated like a business to facilitate cyberfraud on a global scale,” said Acting Assistant Attorney General John Cronan.

The network of indicted Infraud leaders included people from the United States, France, Britain, Egypt, Pakistan, Kosovo, Serbia, Bangladesh, Canada and Australia.

Bondarenko remains at large, but the number two figure in the organization, Russian co-founder Sergey Medvedev has been arrested, according to US officials.–AFP

SB 1163 would overturn a 2008 law that allows each of the three major credit reporting agencies to charge $5 every time someone wants to lock their credit to prevent anyone from opening a new account in their name.

Gary Hammond, a retired banker, told lawmakers that there’s nothing inherently wrong with Equifax, Experian and TransUnion gathering information about consumers. Hammond said he used credit reports in his 37 years in the business.

But he reminded lawmakers that Equifax had a major data breach, exposing the Social Security numbers, birth dates, current addresses and even, in some cases, the driver’s license numbers of more than 145 million people, “all the information you would lead to assume someone else’s identity.”

And while the company offered a temporary credit freeze, Hammond said that does not go to the root of the problem of making people pay to keep credit bureaus from not only losing but also selling off their personal information.

He acknowledged that $5 does not seem like much. But Hammond explained to lawmakers it’s not that simple — or that cheap.

Consider a husband and wife. With three credit bureaus, that $15 to freeze credit to protect themselves.

Then unfreezing it to get a loan to buy a home or car is another $15, with the couple forced to pay yet another $15 to freeze their credit again afterwards.

Kim Allman, who lobbies for the parent company of the Tempe-based identity protection firm LifeLock, said it’s important that people be able to freeze the credit. She cited a report which said that 15 million people nationwide lost a combined $16 billion in identity theft in 2016.

“Credit freezes are one small step consumers can take to protect themselves,” she said. And Allman questioned the current Arizona law.

“Stop for a moment and think about this arrangement: Consumers must pay the credit bureaus just to secure their personal sensitive information, information that’s often collected without the consumers’ consent,” she said. And, echoing Hammond, they then have to pay again to unfreeze the credit report to finance a major purchase, and yet again to reinstate the freeze.

Hammond said lawmakers should not be worried that forcing credit bureaus to provide free freezes and thaws to credit reports would somehow be unfair to the companies.

“Their primary business model is to package and sell this information to credit card companies, banks and direct mail marketers,” he said.

“You and I are not their major customers,” Hammond explained. “We are simply data points and statistics that they can package, slice, dice and sell to their real customers.”

Sen. Rick Gray, R-Sun City, said he was glad to vote for the measure. Gray said he found it particularly “appalling” that Equifax, in the wake of the data breach, offered free credit monitoring — but only if consumers would agree not to sue the company for the breach.

The measure, sponsored by Sen. Kate Brophy McGee, R-Phoenix, now goes to the full Senate.

If it survives the full legislative process and is signed into law, it would make Arizona just one of 10 states where residents could no longer be charged for the service.

The 2017 filing season could be the worst yet for tax-related crime. With widespread confusion about the new tax law, IRS budget cuts, and a record-breaking year for data compromises, there’s an opening for fraud that should be serious cause for alarm, but doesn’t seem to be.

The bottom line: you should be concerned.

Last tax year, the IRS stopped 787,000 confirmed identity theft returns, totaling more than $4 billion. For the same nine-month period in 2015, the IRS stopped 1.2 million confirmed identity theft returns, totaling about $7.2 billion. There were many other widely reported wins. But what did not get reported was how much money scammers stole. Given the IRS’s estimate that 2016 would see a loss of $21 billion via fraud, one wonders.

That was then. The compromise of 143 million people in the Equifax EFX, +0.38% breach changed all that. It included Social Security numbers—compromised SSNs being the most common “pre-existing condition” of crimes committed against the U.S. Treasury, and as such that breach poses a significantly increased threat difference over previous years.

We’re looking at a far more significant threat of tax-related fraud in the 2017 filing season than ever before. Compounding this situation, the IRS is less able to fend off the threat of identity-related tax fraud than it was last year.

Overworked

I know it’s risky to publicly sympathize with the nation’s most hated federal agency, but I can’t imagine it’s been much fun to work at the Internal Revenue Service since Congress passed its new tax bill (note that I’m not suggesting there was ever a time I could imagine it might be fun to work at the IRS).

With the new tax year just begun, the agency is racing to find real-world applications for the numerous changes to the tax code conceived in the hothouse of Congress, where ideas do not always (or perhaps even very often) jibe with real life, and the daily concerns of actual Americans has more the feel of an annoyance than a matter of, say, central importance.

There are significant logistical challenges posed by the new tax bill. First order of business is getting the changes in place that need to be implemented now, for instance the coding to adjust withholding, which the IRS hopes will make its first appearance on pay stubs as early as February. There are other provisions that affect the here-and-now, like the new trigger for health care deductions, as well as a decent-sized punch list of smaller changes—all of which needing the immediate attention of a greatly diminished staff in the coming months.

Underpaid

Remember those cuts back in 2010? The agency was denuded of $900 million, which led to the loss of 21,000 jobs. That’s a major problem right now.

The last time there was tax overhaul like the current one, “Walk Like an Egyptian” was on the radio and cable TV was just finding its way into the suburbs. Today, Twitter TWTR, +0.51% feeds are reloaded continually, and late-show hosts joke about the size of the presidential button.

In 1986, the IRS got a budget increase to accomplish the increased workload, but this time around, “the House and Senate appropriations bills for 2018 would cut the IRS budget by an additional $155 million and $124 million, respectively,” according to the National Treasury Employees Union.

What you can do

Wait times were more than an hour last year. The helpline matters because people don’t read tax bills, or even news stories about them. The questions will be many—far more than usual. They will be on a host of topics. People will call in reaction to good, bad and neutral information.

‘Is there nothing to worry about till this time next year?’ ‘Do I need to fill out a new W4?’ ‘Is my tax bracket the same?’

The only question that matters is this one: What’s the best way to avoid becoming a victim of tax-related fraud? The answer: file your tax return as soon as you have all the necessary documents to get the job done.

While it’s important to sort out what’s what with regard to the coming changes in our nation’s tax code, it’s crucial to take a look at the simple fact that people are confused, and that creates a beneficial state for fraud to flourish.

For time being, the only “solution” is beating scammers to the punch.

With everything that the IRS needs to do to function well, budgetary issues necessarily come to the fore. We should all be voicing concern about the agency’s ability to safeguard taxpayers from refund fraud given the current situation. And we should all be doing everything we can to protect ourselves in a hostile environment.

Adam Levin is co-founder of Credit.com, chairman and founder of CyberScout, and former director of the New Jersey Division of Consumer Affairs.